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authorized communicability information and user status information, in the form of a log-in valid 
message, without requesting server 770 to conduct an enhanced authentication session. 

INTHE CLAJMS: 
Please cancel claims 1-43 and add new claims 44-1 14 as follows: 

44. An edge node for authorizing an end-npde to an institutional LAN, the edge node 
comprising: / 

1 an interface for receiving user information fro|m the end-node via a LAN link for verification, 

1 wherein prior to verification of the user information the end-node is authorized to transmit 
id receive through the edge node packets in an authentication flow involving the end-node and 
"wherein the end-node is authorized based at least/n part on the verification of the user information 
to transmit and receive through the edge node packets in data flows involving the end-node and other 
nodes in the institutional LAN. 

45. An edge node for authorizing/an end-node to an institutional LAN, the edge node 
comprising: 

an interface for receiving user information from the end-node via a LAN link for verification, 
wherein prior to verification of theiuser information the end-node is authorized to transmit 
and receive through the edge node packetfs in an authentication flow involving the end-node and 
wherein at least in part in response to tne verification of the user information the end-node is 
authorized to transmit and receive through the edge node packets in data flows involving the end- 
node, and / 

wherein the edge node performs LAN media translations on the packets in the data flows. 

46. An edge node for authorizing an end-node, the edge node comprising: 
an interface for receiving useninformation from the end-node via a LAN link for verification, 
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wherein prior to verification of the 
and receive through the edge node packets 
wherein at least in part in response to 
to transmit and receive through the edge 

wherein the edge node switches 
addresses. 



user information the end-node is authorized to transmit 
in an authentication flow involving the end-node and 
verification of the user information the end-node is authorized 
npde packets in data flows involving the end-node, and 
the! packets in the data flows based at least in part on MAC 



47. An edge node for authorizing an end-node, the edge node comprising: 

an interface for receiving user information from the end-node via a LAN link for verification, 
wherein the end-node accesses the edge node via the interface and wherein at least in part in 

/ 

response to verification of the user information the interface transitions from an unauthenticated to 
an authenticated state, whereupon the edge node is authorized to transmit and receive packets in data 
flows involving the end-node and other nodes in the institutional LAN. 

48. The edge node of claim 47, wherein the interface reverts to the unauthenticated state 
if a packet is not received from the end-node for a predetermined time period. 



• . - 49. The edge node of claim 47, wherein the interface reverts to the unauthenticated state 
upon detecting that the end-node has/become disconnected. 



50. An edge node for authorizing an end-node, the edge node comprising: 
an interface for receiving usefr information from an end-node via a LAN link for verification, 
wherein the end-node accesses the edge node via a LAN interface and wherein at least in part 
in response to verification of the user information the interface transitions from an unauthenticated 
to an authenticated state, whereupdn the edge node is authorized to transmit and receive packets in 



data flows involving the end-node 



and 



wherein the edge node performs LAN media translations on the packets in the data flows. 
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51. An edge node for authorizing an end-node, the edge node comprising: 

an interface for receiving user information from the end-node via a LAN link for verification, 
wherein the end-node accesses the edge node via the interface and wherein at least in part in 

response to verification of the user information the interface transitions from an unauthenticated to 

an authenticated state, whereupon the edge ipde is authorized to transmit and receive packets in data 

flows involving the end-node, and 

wherein the edge node switches the jackets in the data flows based at least in part on MAC 

addresses. 

52. An edge node for authorizing an end-node to an institutional LAN, the edge node 
comprising: 

an interface for receiving user infornhation from the end-node via a LAN link for verification, 
wherein the edge node regulates packet flows from the end-node to an institutional LAN 
including verifying the user information. 



53. An edge node for authorising an end-node to an institutional LAN, the edge node 
comprising: 

an interface for receiving user information from the end-node via a LAN link for verification, 
wherein the edge node regulates packet flows from the end-node including verifying the user 
information and performing LAN media translations. 



54. An edge node for authorizing an end-node to an institutional LAN, the edge node 
comprising: 

an interface for receiving user information from the end-node via a LAN link for verification, 
wherein the edge node regulates packet flows from the end-node including verifying the user 
information and performing LAN switching based at least in part on MAC addresses. 
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55. An authentications agent for representing an edge node in an authentication protocol 
exchange with an end-node for access to an institutional LAN, the agent comprising: 

means for transmitting a request for user information via a LAN link to the end-node; 

means for receiving user information from the end-node via a LAN link in response to the 
request; 

means for transmitting the u^er information to an authentication server for verification; 
means for receiving verification information from the authentication server at least in part 
in response to the user information; 2nd 

]f the end-node to services of the institutional LAN available 
the verification information. 



means for regulating access o 
through the edge node in response to 



56. The authentication agent of claim 55, wherein the authentication agent is a software 
program. 

57. The authentication /igent of claim 55, wherein the authentication agent is resident on 
the edge node. 

58. The authentication agent of claim 55, wherein the authentication agent further 
includes means for transmitting /the verification information to the end-node. 

59. A system for authorizing an end-node to a LAN infrastructure, the system comprising: 
an edge node; and 

an interface associated With the edge node for receiving authentication information from an 



end-node via a LAN link for v 



jrification; and 



wherein the edge node 



an authentication serve : coupled to the edge node, 



>rwards the authentication information to the authentication server 



and the authentication server verifies the authentication information and provides a notification to 
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the edge node that the authentication information has been verified, whereupon the end-node is 
authorized for access to servicesW a LAN infrastructure via the edge node. 

60. The system of claim 59, wherein the authentication server is a RADIUS server. 



61. A user authenticati on system comprising: 
an edge node; 

an interface on the edge node for receiving a authentication information from an end-node 
via a LAN link for verification; and 

an authentication server coupled to the edge node; 

wherein the edge node forwards the authentication information to the authentication server 
and the authentication server verifies the authentication information and provides a notification to 
the edge node that the authentica tion information has been verified, whereupon the edge node is 
authorized to provide LAN switching functions for packet flows involving the end-node. 

62. The system of claim 61, wherein the authentication server is a RADIUS server. 



63. The system of cliim 
and filtering packets in function 



im 61, wherein the LAN switching functions include forwarding 
of MAC addresses. 



64. The system of cl iim 61, wherein the LAN switching functions include performing 
LAN media translations on the packets. 

65. An authentication system for authorizing an end-node, the system comprising: 
an edge node; 

node for receiving a authentication information from the end-node 
and 



an interface on the edge 
via a LAN link for verification; 



an authentication server coupled to the edge node; 
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wherein a message exchange between the edge node and the authentication server is 
conducted to verify the authentication information, whereupon the end-node is authorized for access 
to services of a LAN infrastructure via the edge node, and 

wherein a security protocol is applied to secure the message exchange between the edge node 
and the authentication server. 

66. An authentication system for authorizing an end-node, the system comprising: 
a LAN interface for receiving user information from the end-node via a LAN link; 
an authentication age^t for receiving the user information from the LAN interface via a 
switching link; 

a backbone interface for receiving the user information from the authentication agent via the 
switching link; and 

an authentication sefver for receiving the user information from the backbone interface for 
verification, 

wherein prior to verification of the user information the LAN interface transmits on the 
switching link packets in m authentication flow involving the end-node and wherein at least in part 



in response to verification 
switching link packets in 



of the user information the LAN interface is authorized to transmit on the 
data flows involving the end-node. 



67. An authentication system for authorizing an end-node, the system comprising: 
an edge node; 

an interface associated with the edge node for managing interactions on a LAN link with the 
end-node in an authentication protocol exchange; and 

an authentication server coupled to the edge node; 

wherein the edge node forwards information concerning the authentication protocol exchange 
to the authentication server in response to which the authentication server generates and stores in a 
database tracking information concerning the authentication protocol exchange. 
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68. The system 

69. The system 
information. 



of claim 67, wherein the tracking information includes user information. 



3f claim 67, wherein the tracking information includes network location 



sni 



70. The system of claim 67, wherein the tracking information includes time-of-day 
information. 



71. A method/for representing an edge node in an authentication protocol exchange with 
an end-node for access to an institutional LAN, the method comprising: 

transmitting a request for user information via a LAN link to the end-node; 

receiving user information from the end-node via the LAN link in response to the request; 

transmitting me user information to an authentication server for verification; 

receiving verification information from the authentication server at least in part in response 
to the user information; and 

regulating access of the end-node to services of the institutional LAN available through the 
edge node in response to the verification information. 



72. The method of claim 71 further comprising the step of transmitting the verification 
information to the end-node. 

73. A user authentication system for an institutional LAN having an edge node, the 
system comprising: 

an end-nc de; and 

an interfa:e on the end-node for transmitting user information via a LAN link to the edge 
node for verification, 

wherein praor to verification of the user information the end-node is authorized to transmit 
and receive through the edge node packets in an authentication flow involving the end-node and 
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wherein at least in part in response to the verifi :ation of the user information the end-node is 
authorized to transmit and receive through the edge node packets in data flows involving the end- 
node and other nodes in the institutional LAN. 



€3 



74. A user authentication system /or an institutional LAN having an edge node, the 
ystem comprising: 

an end-node; and 

an interface on the end-node foj[ transmitting user information via a LAN link to the edge 

node; 

wherein prior to verification of the user information the end-node is authorized to transmit 
and receive through the edge node packets in an authentication flow involving the end-node and 
wherein at least in part in response to verification of the user information the end-node is authorized 
to transmit and receive through the edge node packets in data flows involving the end-node, and 

wherein the edge node performs LAN media translations on the packets in the data flows. 



75. A ^er authentication system for an institutional LAN having an edge node, the 
system comprisii 

an endTnode; and 

an interface on the end-node for transmitting user information via a LAN link to the edge 
node for verification, 

wherein prior to verification of the user information the end- node is authorized to transmit 
and recmve through the edge node packets in an authentication flow involving the end-node and 
wherein at least in part in response to verification of the user information the end-node is authorized 
to transmit and receive through the edge node packets in data flows involving the end-node, and 

wherein the edge node switches the packets in the data flows based at least in part on MAC 
addrbsses. 
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76. A user authenticatioirsystem for an institutional LAN having an edge node with a first 
interface, the system comprising: \ 
an end-node; and \ 

a second interface on the end-node for transmitting user information via a LAN link to the 



edge node for verification, 

wherein the end-node accesses the edge node via the first interface and wherein at least in 
part in response to verification of the; user information the first interface transitions from an 
unauthenticated to an authenticated st£ te, whereupon the end-node is authorized to transmit and 
receive via the edge node packets in da ;a flows involving the end-node. 



77. The system of claim 76, 
if a packet is not received from the em 



wherein the first interface reverts to the unauthenticated state 
-node for a predetermined time period. 



78. The system of claim 7X wherein the first interface reverts to the unauthenticated state 
upon detecting that the end-node has become disconnected. 

79. A user authentication system for an institutional LAN having an edge node with a first 
interface, the system comprising: 

an end-node; and 

a second interface on the ^nd-node for transmitting user information via a LAN link to the 
edge node for verification, 

wherein the end-node adbesses the edge node via the first interface and wherein at least in 
part in response to verification of the user information the first interface transitions from an 
unauthenticated to an authenticated state, whereupon the end-node is authorized to transmit and 
receive via the edge node packets in data flows involving the end-node, and 

wherein the edge node performs LAN media translations on the packets in the data flows. 

80. A user authentication system for an institutional LAN having an edge node with a first 
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wherein the edge n 
addresses. 



interface, the system comprising: 
an end-node; and 

a second interface oil the end-node for transmitting user information via a LAN link to the 
edge node for verification, 

wherein the end-node accesses the edge node via the first interface and wherein at least in 
part in response to verification of the user information the first interface transitions from an 
unauthenticated to an authenticated state, whereupon the end-node is authorized to transmit and 
receive via the edge node p ickets in data flows involving the end-node, and 

e switches the packets in the data flows based at least in part on MAC 



old 



81. A user authentication system for an institutional LAN having an edge node, the 
system comprising: 

g a user interface for receiving user information and a LAN interface for 
transmitting the user information via a LAN link to the edge node, 

wherein the end-rpde is authorized to send and receive through the edge node packets in data 
flows involving the end-node only after verification of the user information. 



82. A user authentication system for an institutional LAN having an edge node, the 
system comprising: 

an end-hode having a user interface for receiving user information and a LAN 
interface for transmitting the user information via a LAN link to the edge node, 

wherein the edge node regulates packet flows from the end-node including subjecting the user 
information to verification and performing LAN media translations. 



83. A user authentication system for an institutional LAN having an edge node, the 
system comprising^ 
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an end-node having a user interface for receiving user information and a LAN interface for 
transmitting the user information via a LAN link to the edge node, 

wherein the edge node regulates packet flows from the end-node including subj ecting the user 
information to verification and performing LAN switching based at least in part on MAC addresses. 




84. An authentication client: for representing an end-node in an authentication protocol 
change with an edge node coupled to the end-node via a LAN link to obtain access for the end- 
node to services of an institutional LAN available through the edge node, the client comprising: 
means for receiving a request fdr user information from the edge node; and 
means for transmitting user information to the edge node in response to the request. 



0 
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85. The authentication client of claim 84, wherein the authentication client is a software 
program. 

86. The authentication elicit of claim 84, wherein the authentication client is resident on 
the end-node. 

87. The authentication cpent of claim 84, further comprising means for receiving a 
request for second user information from the edge node in response to the user information. 

88. The authentication fclient of claim 87, further comprising means for transmitting the 
second user information to the edge node in response to the request for second user information. 

89. The authentication client of claim 88, further comprising means for receiving verification 
information from the edge deviqe in response to the second user information. 



90. The authentication client of claim 84, wherein the end-node is a personal computer. 
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91. The authentication client of claim 84, further comprising means for receiving 
verification information from the edge device in response to the user information. 

92. A system for Authenticating a user including an edge node and an authentication 
server coupled to the edge node, the system comprising: 

an end-node having a iser interface for receiving a authentication information and a LAN 
interface for transmitting the authentication information on a LAN link to the edge node, 

wherein the edge node forwards the authentication information to the authentication server 
and the authentication server verifies the authentication information and provides a notification to 
the edge node that the authentication information has been verified, whereupon the end-node is 
authorized for access to services of a LAN infrastructure via the edge node. 

93. A system for authenticating a user including an edge node and an authentication 
server coupled to the edge nod e, the system comprising: 

an end-node having a lser interface for receiving a authentication information and a LAN 
interface for transmitting the i uthentication information on a LAN link to the edge node, 

wherein the edge node forwards the authentication information to the authentication server 
and the authentication server verifies the authentication information and provides a notification to 
the edge node that the authei tication information has been verified, whereupon the edge node is 
authorized to provide LAN s pitching functions for packet flows involving the end-node. 



94. The system o 7 claim 93, wherein the LAN switching functions include forwarding 
and filtering in function of MAC addresses. 



95. The system c 
translations. 



96. A system fcjr 
server coupled to the edge 



claim 93, wherein the LAN switching functions include LAN media 



node. 



authenticating a user including an edge node and an authentication 
, the system comprising: 



V 
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an end-node having a user interface for receiving a authentication information and a LAN 
interface for transmitting the authentication information on a LAN link to the edge node, 

wherein a message exchange between the edge node and the authentication server is 
conducted to verify the authentication information, whereupon the end-node is authorized for access 
to services of an institutional LAN via the edge node, and 



wherein a security protoco 
and the authentication server. 




is applied to secure the message exchange between the edge node 



97. A system for authenticating a user including an edge node and an authentication 
server coupled to the edge node, i he system comprising: 

an end-node having a i ser interface for managing interactions with the user in an 
authentication protocol exchange and a LAN interface for managing interactions on a LAN link with 
the edge node in the authentication protocol exchange, 

wherein the edge node for vards information concerning the authentication protocol exchange 
to the authentication server in response to which the authentication server generates and stores in a 
database tracking information concerning the authentication protocol exchange. 

98 . The system of cla m 97, wherein the tracking information includes user information. 

99. The system of cIe im 97, wherein the tracking information includes network location 
information. 

100. The system of claim 97, wherein the tracking information includes time-of-day 
information. 

101. A method for rep resenting an end-node in an authentication protocol exchange with 
an edge node coupled to the enc -node via a LAN link to obtain access for the end-node to services 
of an institutional LAN available through the edge node, the method comprising: 



\ 
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receiving a request for user information from the edge node; and 



transmitting user informa 



102. The method of ch im 101, further comprising the step of receiving first verification 



information from the edge node 



in response to the user information. 



103. The method of c 
second user information from the; 



104. The method 
information to the edge node in 



ion to the edge node in response to the request. 



aim 102, further comprising the step of receiving a request for 
edge node in response to the first verification information. 



of cl^im 103, further comprising the step of transmitting second user 
ijesponse to the request for second user information. 



1 05 . The method of cla m 1 04, further comprising the step of receiving second verification 
information from the edge device in response to the second user information. 

106. An authentication system for authorizing an end-node to an institutional LAN, the 
system comprising: 

an edge node having an interface for receiving a first response containing first user 
information and second response containing second user information from the end-node via a LAN 
link for verification, and 

wherein prior to verifica ion of the second user information the end-node is authorized to 
transmit and receive through the sdge node packets in an authentication flow involving the end-node 
and wherein the end-node is autl orized in response to the verification of the second user information 
to transmit and receive through the edge node packets in data flows involving the end-node and other 
nodes in the institutional LAN. 



claim 106 wherein the second user information is received after 



107. The system of 
verification of the first user information 
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1 08. The system of claim 1 06, kirther comprising an authentication server coupled to the 
edge node wherein the edge node transmitathe second user information to the authentication server, 
and the second authentication server verifies the second user information. 



r^ 3 



109. A user authentication system ibr authorizing an end-node to an institutional LAN, the 
system comprising: 

an edge node having an interface for receiving first user information and second user 
information from the end-node via a LAN link for verification, 

ion of the first user information, and upon verification 
of the first user information, the edge nod^ receives and causes verification of the second user 
information, and 

wherein in response to verification Jof the second user information the interface transitions 
from an unauthenticated to an authenticated state, whereupon the edge node is authorized to transmit 
and receive packets in data flows involving the end-node and other nodes in the institutional LAN. 

110. An edge node for authorizing an end-node to an institutional LAN, the edge node 
comprising: 

an interface for receiving first jhser information and second user information from the end- 
node via a LAN link for verification,) 

wherein the edge node regulates packet flows from the end-node to an institutional LAN 
including causing verification of the first user information and second user information. 



111. A system for accessing an institutional LAN having an edge node, the system 
comprising: 

an end-node; and 



an interface on the en 
authentication information vi£ 



node for transmitting first authentication information and second 
a LAN link to the edge node for verification, 
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wherein the end-node is initially authorized to transmit and receive through the edge node 
packets in an authentication flow involving the end-node and wherein in response to the verification 
of the second authentication information the end-node is authorized to transmit and receive through 
the edge node packets in data flows involving the end-node and other nodes in the institutional LAN. 

112. A method for authorizing an end-node to an institutional LAN having a plurality of 
nodes including an edge node, the method comprising: 

enabling an authentication flow between the end-node and the edge node via a LAN link; 

receiving first authentication information from the end-node; 

performing a first verific^fion attempt on the first authentication information; 

depending upon a result of the first verification attempt, soliciting or not second 
authentication information from the end-node; 

performing a second verification attempt on the second authentication information; and 

depending upon a result of the second verification attempt, authorizing or not the end-node 
to transmit and receive through the edge node packets in data flows involving the end-node and the 
other nodes in the institutional LAN. 

113. A method for authorizing an end-node to an institutional LAN having a plurality of 
nodes including an edge node, the method comprising: 

transmitting from the end-node to the edge node via a LAN link first user information; 

receiving arequest for second user information upon verification of the first user information; 

transmitting the second user information in response to the request; 

obtaining, upon verification of the second user information, authorization to transmit and 
receive through the edge node packets in data flows involving the end-node and the other nodes in 
the institutional LAN. 



114. 

translations 1 



The method of claim 86, further comprising the step of performing LAN media 
ithin the edge node on packets transferred by the end-node through the edge node after 



the second comparison. 
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